Error 520, but working normally if Cloudflare is paused

I’m facing error 520 on my website,

but it works normally if Cloudflare is paused.

example of error:
URL: sarkumpak.nurpribadi.com
Cloudflare Ray ID: 87bdd773fb589ba2
cdn-cgi/trace:

fl=740f141
h=sarkumpak.nurpribadi.com
ip=103.176.252.28
ts=1714378667.863
visit_scheme=https
uag=Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
colo=SIN
sliver=none
http=http/3
loc=ID
tls=TLSv1.3
sni=plaintext
warp=off
gateway=off
rbi=off
kex=X25519

HAR files:
CF enabled
CF disabled

Currently I have set CF to disabled so I can access my website, but I want to re-enable Cloudflare once the issue is resolved.

As you are now direct to your server without the proxy…

Using cURL, the TLS handshake on your server seems to pause quite a lot for me leading to a slow page load or timeout. A 520 error from Cloudflare would happen if this takes longer than 100 seconds.

In a browser, the first load fails with a timeout, thereafter seems to load.

You’ll need to track this down on your server.

curl -Ivv --trace-time https://sarkumpak.nurpribadi.com --http1.1
09:07:34.127536 *   Trying 103.29.214.223:443...
09:07:34.456899 * Connected to sarkumpak.nurpribadi.com (103.29.214.223) port 443 (#0)
09:07:34.459940 * ALPN, offering http/1.1
09:07:34.505651 *  CAfile: /etc/ssl/certs/ca-certificates.crt
09:07:34.506302 *  CApath: /etc/ssl/certs
09:07:34.507019 * TLSv1.0 (OUT), TLS header, Certificate Status (22):
09:07:34.507456 * TLSv1.3 (OUT), TLS handshake, Client hello (1):
09:07:45.290768 * TLSv1.2 (IN), TLS header, Certificate Status (22):
09:07:45.290865 * TLSv1.3 (IN), TLS handshake, Server hello (2):
09:07:45.291373 * TLSv1.2 (IN), TLS header, Finished (20):
09:07:45.291420 * TLSv1.2 (IN), TLS header, Supplemental data (23):
09:07:46.073531 * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
09:07:46.073630 * TLSv1.3 (IN), TLS handshake, Certificate (11):
09:07:46.075593 * TLSv1.3 (IN), TLS handshake, CERT verify (15):
09:07:46.075770 * TLSv1.3 (IN), TLS handshake, Finished (20):
09:07:46.075884 * TLSv1.2 (OUT), TLS header, Finished (20):
09:07:46.075925 * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
09:07:46.076214 * TLSv1.2 (OUT), TLS header, Supplemental data (23):
09:07:46.076826 * TLSv1.3 (OUT), TLS handshake, Finished (20):
09:07:46.077355 * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
09:07:46.077906 * ALPN, server accepted to use http/1.1
09:07:46.078513 * Server certificate:
09:07:46.079168 *  subject: CN=sarkumpak.nurpribadi.com
09:07:46.079753 *  start date: Apr 18 11:45:25 2024 GMT
09:07:46.080400 *  expire date: Jul 17 11:45:24 2024 GMT
09:07:46.081057 *  subjectAltName: host "sarkumpak.nurpribadi.com" matched cert's "sarkumpak.nurpribadi.com"
09:07:46.081634 *  issuer: C=US; O=Let's Encrypt; CN=R3
09:07:46.082245 *  SSL certificate verify ok.
09:07:46.082845 * TLSv1.2 (OUT), TLS header, Supplemental data (23):
09:07:46.083235 > HEAD / HTTP/1.1
09:07:46.083235 > Host: sarkumpak.nurpribadi.com
09:07:46.083235 > User-Agent: curl/7.81.0
09:07:46.083235 > Accept: */*
09:07:46.083235 >
09:07:46.411487 * OpenSSL SSL_read: Connection reset by peer, errno 104
09:07:46.412115 * Closing connection 0
09:07:46.412333 * TLSv1.2 (OUT), TLS header, Supplemental data (23):
curl: (56) OpenSSL SSL_read: Connection reset by peer, errno 104
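Added example, not part of the original thread: a small Python script that reads `curl --trace-time` output like the trace above and reports which step the time is spent in. The embedded lines are a subset copied from that trace; the function names and the 1-second threshold are choices made for this example.

```python
import re
from datetime import datetime, timedelta

# Subset of the cURL trace quoted in the reply above.
TRACE = """\
09:07:34.127536 *   Trying 103.29.214.223:443...
09:07:34.456899 * Connected to sarkumpak.nurpribadi.com (103.29.214.223) port 443 (#0)
09:07:34.507456 * TLSv1.3 (OUT), TLS handshake, Client hello (1):
09:07:45.290865 * TLSv1.3 (IN), TLS handshake, Server hello (2):
09:07:46.073531 * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
09:07:46.075770 * TLSv1.3 (IN), TLS handshake, Finished (20):
09:07:46.083235 > HEAD / HTTP/1.1
09:07:46.411487 * OpenSSL SSL_read: Connection reset by peer, errno 104
"""

# "<HH:MM:SS.ffffff> <marker> <message>"; marker is * (info), > (sent) or < (received).
LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{6}) ([*<>]) ?(.*)$")

def parse(trace):
    """Return [(time, marker, message)] for timestamped lines; other lines are skipped."""
    events = []
    for raw in trace.splitlines():
        m = LINE.match(raw)
        if m:
            ts = datetime.strptime(m.group(1), "%H:%M:%S.%f")
            events.append((ts, m.group(2), m.group(3).strip()))
    return events

def gaps(events):
    """Seconds elapsed between consecutive events (handles a trace crossing midnight)."""
    out = []
    for (t0, _, m0), (t1, _, m1) in zip(events, events[1:]):
        delta = t1 - t0
        if delta < timedelta(0):
            delta += timedelta(days=1)
        out.append((delta.total_seconds(), m0, m1))
    return out

def slowest(trace, threshold=1.0):
    """Gaps of at least `threshold` seconds, largest first."""
    return sorted((g for g in gaps(parse(trace)) if g[0] >= threshold), reverse=True)

if __name__ == "__main__":
    for secs, before, after in slowest(TRACE):
        print(f"{secs:8.3f}s  after: {before}\n           until: {after}")
```

On the trace above this reports a single gap, between the Client hello being sent and the Server hello arriving, which is the wait on the origin server that the reply points to.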

Actually, I don’t know what to do.
I tried what you are doing in curl and it works blazingly fast here, all under 1 second.

❯ curl -Ivv --trace-time https://sarkumpak.nurpribadi.com --http1.1
16:11:01.375984 *   Trying 103.29.214.223:443...
16:11:01.387902 * Connected to sarkumpak.nurpribadi.com (103.29.214.223) port 443
16:11:01.392110 * schannel: disabled automatic use of client certificate
16:11:01.397616 * ALPN: curl offers http/1.1
16:11:01.475562 * ALPN: server accepted http/1.1
16:11:01.478661 * using HTTP/1.1
16:11:01.480637 > HEAD / HTTP/1.1
16:11:01.480637 > Host: sarkumpak.nurpribadi.com
16:11:01.480637 > User-Agent: curl/8.4.0
16:11:01.480637 > Accept: */*
16:11:01.480637 >
16:11:01.491819 < HTTP/1.1 200 OK
HTTP/1.1 200 OK
16:11:01.493818 < Connection: Keep-Alive
Connection: Keep-Alive
16:11:01.496823 < Keep-Alive: timeout=5, max=100
Keep-Alive: timeout=5, max=100
16:11:01.499476 < content-type: text/html
content-type: text/html
16:11:01.502079 < last-modified: Sat, 20 Apr 2024 18:08:54 GMT
last-modified: Sat, 20 Apr 2024 18:08:54 GMT
16:11:01.506011 < accept-ranges: bytes
accept-ranges: bytes
16:11:01.508898 < content-length: 1438
content-length: 1438
16:11:01.512069 < date: Mon, 29 Apr 2024 09:11:00 GMT
date: Mon, 29 Apr 2024 09:11:00 GMT
16:11:01.514694 < server: LiteSpeed
server: LiteSpeed
16:11:01.516889 < vary: User-Agent
vary: User-Agent
16:11:01.519036 < alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

16:11:01.527172 <
16:11:01.528745 * Connection #0 to host sarkumpak.nurpribadi.com left intact

But I can’t see the TLS handshake like in your result. Is it OS related? Mine is Win11.
Should I do curl trace-time with Cloudflare enabled?
